commit: ca00fbff6cea187f3b7c99ff328c0f13dffef900
Author: Chris PeBenito <pebenito <AT> ieee <DOT> org>
AuthorDate: Wed Sep 7 21:51:42 2016 +0000
Commit: Jason Zaman <perfinion <AT> gentoo <DOT> org>
CommitDate: Mon Oct 3 06:04:21 2016 +0000
URL:
https://gitweb.gentoo.org/proj/hardened-refpolicy.git/commit/?id=ca00fbff
userdomain: Move enable_mls block in userdom_common_user_template().
policy/modules/system/userdomain.if | 22 +++++++++++-----------
1 file changed, 11 insertions(+), 11 deletions(-)
diff --git a/policy/modules/system/userdomain.if
b/policy/modules/system/userdomain.if
index 12585fb..e353c6e 100644
--- a/policy/modules/system/userdomain.if
+++ b/policy/modules/system/userdomain.if
@@ -592,6 +592,17 @@ template(`userdom_common_user_template',`
# to this one.
seutil_dontaudit_signal_newrole($1_t)
+ ifndef(`enable_mls',`
+ tunable_policy(`user_write_removable',`
+ # Read/write floppies and other removable devices
+ storage_raw_read_removable_device($1_t)
+ storage_raw_write_removable_device($1_t)
+ ',`
+ # Read floppies
+ storage_raw_read_removable_device($1_t)
+ ')
+ ')
+
tunable_policy(`user_direct_mouse',`
dev_read_mouse($1_t)
')
@@ -607,17 +618,6 @@ template(`userdom_common_user_template',`
term_getattr_all_ttys($1_t)
')
- ifndef(`enable_mls',`
- tunable_policy(`user_write_removable',`
- # Read/write floppies and other removable devices
- storage_raw_read_removable_device($1_t)
- storage_raw_write_removable_device($1_t)
- ',`
- # Read floppies
- storage_raw_read_removable_device($1_t)
- ')
- ')
-
tunable_policy(`user_write_removable',`
# Read/write USB devices (e.g. external removable USB mass
storage devices)
dev_rw_generic_usb_dev($1_t)
